Difference between revisions of "Mobile Health Implementation"
(→Security Measures) |
(→Security Measures) |
||
| Line 49: | Line 49: | ||
* Securely destroy or delete PHI when upgrading or disposing of mobile devices | * Securely destroy or delete PHI when upgrading or disposing of mobile devices | ||
* Disable emails auto-forwarding feature | * Disable emails auto-forwarding feature | ||
| − | |||
| − | |||
| − | |||
== Evaluating Mobile Technology == | == Evaluating Mobile Technology == | ||
Revision as of 19:11, 8 March 2012
Contents
Definitions
Security Risks
- assume built in security is not adequate which places the problem on the device itself.
- Fragmentation - diversity of mobile products in the marketplace
vendors lack experience with security measures across multiple mobile devices.
HIPAA Security Requirements
Security Measures
Because of the proliferation and variety of mobile devices being used in the healthcare industry, it is that much more important to understand the precautions that must be in place in order to comply with the standards required by HIPAA.
white paper
The Journal of AHIMA has publish safeguards against loss or theft of your mobile device. These safeguards include:
- Never leaving mobile devices unattended.
- Identify your mobile device by affixing a business card or ID tag to it
- Invest in a tether or cable lock to secure your laptop to something stationary such as airport seating or and office desk
- Install office security cameras to deter over-confident thieves
- Minimize the amount of sensitive information on the device
- Protect USB storage devices with passwords
- Disable USB ports
- Turn off wireless file transfer capabilities
- Password protect the BIOS to prevent disk access through changing the BIOS configuration
- Create a user account password and remove guest accounts
- Require manual log on for VPN connection
- Invest in tracking software
- Encrypt the file system
- Use a firewall when accessing public/private networks
Yale University also has Protected Health Information (PHI) Security Compliance policies. They are :
- Implement a lock-out setting after more than 10 failed attempts
- Cap message storage at 200 or 14 days of messages
- Require all applications to meet HIPAA security standards
- Keep the operating system and all software current with latest security updates
- Subscribe to a remote deletion service
- Prohibit use of unauthorized software and hardware
- Require VPN services when connecting to organization network via digital cellular
- When transferring files, only allow secure file transfer protocol (SFTP)
- Only store protected health information (PHI) on IT department-owned servers
- Install and use privacy filters if screens display PHI
- Securely destroy or delete PHI when upgrading or disposing of mobile devices
- Disable emails auto-forwarding feature
Evaluating Mobile Technology
HIPAA Guidance Online Tech white paper
Mobility Trends in Healthcare
Aruba Networks, Inc conducted a survey...
Sources
References
http://mobihealthnews.com/10747/how-mobile-health-can-abide-by-hipaa/
http://www.arubanetworks.com/pdf/solutions/HIMSSSurvey_2012.pdf
